redline | 0685a414aade167d052a5eca933ea42f510508c6ce600254e11fda42bd38bfff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

empress.rar
Size

5.3MB
Sample

230217-c4nqwadd59
MD5

53aa024f8ef4380a2420bf9d6beff04f
SHA1

729cf86a0441bb24f56148ffdf89ea7def5649e4
SHA256

0685a414aade167d052a5eca933ea42f510508c6ce600254e11fda42bd38bfff
SHA512

dc9869f6bd90bc0f41f2cecd4f6103a06efda65a7ac9c0d42c65179d5d61dd55a02642b0a221be41e4e006d9cc1b0fb3bd22bf75dc5079da72a4d7d5ce568450
SSDEEP

98304:9HS4tv/XF/tDbHptetc5FhswHyp5CBq6+nWHtHJK4FJpnKjFBrcrE9IiWLWz2a:s6v/XF1nHpteWPhs5pEBjJn+FBrcrMIo

Score

10^/10

redline infostealer spyware

Malware Config

Extracted

Family

redline

C2

45.15.157.131:36457

Attributes

auth_value
f4bbe99787a086a2bbc36d534a2de4f4

Targets

- Target
  
  Hogwarts Legacy by EMPRESS/Setup.exe
- Size
  
  249KB
- MD5
  
  a0744e6b91a6458df48aa0fe03ab6bab
- SHA1
  
  604a00dfa1a6672bf63c349c4214ccb41d4089b8
- SHA256
  
  482dca82f5b76d68a3486d7559a2e904b33a713e46ed9c08713cbf1829df9f12
- SHA512
  
  c59093825bc87b480a3f91e10b49fb5461d19721536d3c8e14de787616de79e0ec95308a886220659436dcc3be479a669c81ef5e6f658910758189ce294c0be0
- SSDEEP
  
  6144:Dm0YBSHhC398bZq1aoENPcrjcvj4z7fqHBbQ:DnUq88bZo/rAb4zjqHBb
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlineinfostealerspyware